OFBiz OFBiz - Notifications

[jira] [Updated] (OFBIZ-11784) setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (OFBIZ-11784) setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-11784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits updated OFBIZ-11784:
---------------------------------
    Labels: packing permissions refactoring usability  (was: packing refactoring usability)

> setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF
> ------------------------------------------------------------------------------
>
>                 Key: OFBIZ-11784
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11784
>             Project: OFBiz
>          Issue Type: Bug
>          Components: product
>    Affects Versions: 17.12.03, Trunk
>            Reporter: Pierre Smits
>            Priority: Major
>              Labels: packing, permissions, refactoring, usability
>
> In the packing process (see [1]) links are shown to the invoice and the PDF thereof. The packer should not have access to the invoice details in accounting, but should be able to view the PDF for the invoice.
> However, in order to be able to generate the PDF the packer needs VIEW permissions to the accounting to execute https://demo-stable.ofbiz.apache.org/accounting/control/invoice.pdf?invoiceId=CI1&externalLoginKey=ELa5470e53-ff90-4977-896f-8302be1752b9
> This should not be as it provides the packer with access to all accounting sensitive data.
> [1] https://demo-stable.ofbiz.apache.org/facility/control/setPackageInfo



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Free forum by Nabble Edit this page